Controller:
Mundo Magico Kordy
Av. Lopez Mateos Sur #2077 int.18
disfraceskordy@yahoo.com.mx
This Privacy Policy describes how the Controller processes personal data collected on thiswebsiteand through associated webpages,functions, services and content (hereinafter jointly referred to as "Website") and describes the scope and purpose of the processing.
1. User rights1.1 Users have the right to obtain information free of charge on the personal data the Controllerhas collected about them. In addition, Users have the right to correct any inaccurate data, restrict the processing of their personal data or delete it, and, where applicable, assert their right to data portability. Users also have the right to submit a complaint to the relevant supervisory authorities if they suspect that data has been processed unlawfully.
2. Right to object2.1 Users can choose to opt out of the future processing of their personal data at any time in accordance with statutory provisions. This right to objectapplies in particular to the processing of data for the purposes of direct advertising.
3. Amendments to this Privacy Policy3.1 The Controller reserves the right to amend this Privacy Policy at any time to reflect changes in the legal situation or changes relating to the Website or data processing. If Users’ consent is required or if the Privacy Policy contains provisions for the contractual relationship with the Users, the changes shall only be made with the consent of the Users.
3.2 Users are requested to check the Privacy Policy on a regular basis to keep up-to-date with its content.
4. General information on data processing and legal basis4.1 The personal data of the Users processed in the context of this Service include inventory data (e. g., names and addresses), contract data (e. g., services used), usage data (e. g., the websites visited, interest in thiscontents),meta/communication data (device IDs, IP addresses) and content data (e. g., entries in the contact form or a guestbook).
4.2 The term "User" covers all categories of data subjects concerned. It includesin particular visitors to thisWebsite. The terminology used within this Privacy Policy, such as "Users", is gender-neutral.
4.3 All the personal User data that is collected is processed in accordance with the relevant data protection regulations. That means the Controller only processes User data where this is permitted by law. This applies, in particular, if data processing is required or prescribed by law in order to furnish this contractual services (e.g. to process orders) and provide online services, or if the Users has provided a consent, or if it is for the purposes of the legitimate interests of the Controller (i.e. this interest in analyzing, optimizing and (in case of commercial use) running thisWebsite in a secure and (if this Website is run by a business) commercially viable manner within the meaning of Art. 6 (1) f. of the General Data Protection Regulation (GDPR).
4.4 In regard to the processing of personal data on the basis of the General Data Protection Regulation (GDPR), please note that the legal basis for the data subject giving consent is Art. 6 (1) a. and Art. 7 GDPR, the legal basis for processing data in order to perform this contractual services and discharge this contractual obligations is Art. 6 (1) b. GDPR, the legal basis for processing data in order to comply with this legal obligations is Art. 6 (1) c. GDPR, and the legal basis for processing data for the purposes of this legitimate interests is Art. 6 (1) f. GDPR.
5. Security safeguards5.1 The Controllerapplies state-of-the-art organizational, contractual and technical security measures to ensure compliance with the provisions of data protection legislation and thereby to protect the data the Controllerprocesseses against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.
5.2 These security measures include, in particular, the encrypted transmission of data between your browser and our server.
6. Deletion of data6.1 The data stored by us is deleted once it is no longer required for the designated purpose and provided that the Controller have no statutory obligation to retain said data. In the event User’s data is not deleted because it is required for other purposes permitted by law, then its processing shall be restricted accordingly, i.e. the data shall be blocked and no longer processed for other purposes. This applies, for example to User data that must be retained due to commercial or tax requirements.
7. Forwarding of data to third parties and third-party providers7.1 Data is only forwarded to third parties to the extent permitted by law. The Controller only forward User data to third parties if, for example, this is necessary in order to fulfil the contractual obligations towards the Users or if the Controller make use of third party services within the scope of this legitimate interests.
7.2 Insofar as the Controller make use of third-party services to furnish own services, the Controller ensures appropriate legal safeguards are in place and take appropriate technical and organizational steps to ensure that personal data is protected in compliance with applicable statutory requirements.
7.3 Insofar as content, tools or any other resources from other providers (hereinafter referred to as “third-party providers”) are used within the scope of this Privacy Policy and the third-party providers have their registered headquarters in a third country, it should be assumed that data will be transferred to the country of domicile of the third-party provider.The term “third country” refers to countries in which the GDPR does not constitute directly applicable legislation, i.e. essentially countries outside the EU or the European Economic Area.Data shall be transferred to third countries if an adequate level of data protection is in place, if the Users have provided their consent, or if this transfer is permitted by law in any other way.
8. Cookies & reach measurement8.1 Cookies are data files that are transferred from this web server or third parties’ web servers to the User’s web browser and stored there for later retrieval. Cookies may comprise small files or any other kinds of information storage. When the User browses the same website in the future, the data stored in the cookie can be retrieved by the Website to notify the Website of the User's previous activity. The Controller uses so-called "session cookies", which information are only stored for the duration of the current visit to this Website (e. g. to enable your login status). A session cookie stores a randomly generated unique identification number, a so-called session-ID. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when Users have finished using my online offer and, for example, log out or close the browser.
8.2 This Privacy Policy also explains to Users how the Controller uses cookies in a pseudonymized manner to measure reach.
8.3 If the User does not wish cookies to be stored on their computer, the Controller hereby request that they disable the relevant option in their browser settings. Stored cookies can be deleted in the browser settings at any time. Disabling cookies may prevent the User from enjoying the full functionality of this Website.
8.4 Users can block cookies that are used for tracking and online advertising by visiting the opt-out page of the network advertising initiative (
http://optout.networkadvertising.org/) and also by managing their preferences on the U.S. website
http://www.aboutads.info/choices or the European website
http://www.youronlinechoices.com/uk/your-ad-choices/.
9. Hosting und Serverlogfiles9.1 This Website is hosted by webme GmbH, Strassburger Strasse 55, 10405 Berlin, Germany (
https://www.own-free-website.com). webme's privacy policy can be found at
https://www.own-free-website.com/en/Privacy-Policy.php.
9.2 The legal basis of the processing is Art. 6 para. 1 lit f. DSGVO based on legitimate interests in the use of a server and software infrastructure for security and efficiency reasons. webme processes user data only for the purpose of providing this Website and maintaining its security.
10. Collection of access data (logfiles)10.1 For the purposes of this legitimate interests, the Controller’s server provider collects data every time the server on which the service is located is accessed. This data is collected in the form of server log files. These logs include the name of the webpage and/or file accessed by the User, the date and time of access, the amount of data transferred, notification of successful retrieval, details of the web browser used (including the version), the User’s operating system, the referrer URL (of the previous page linking to this Website), the IP address and the requesting provider.
10.2 Log file information is retained for security reasons (e.g. to detect improper use or fraud) for a maximum of seven days before being deleted. Data that is to be retained as evidence shall be excluded from deletion until the relevant case has been finalized.
11. Particular Functions of the Website11.1 This Website will be further developed and may change in the future. In particular, individual functions of the Website can be added or removed. The functions described below therefore apply if they are made available within the Website (e.g., commercial use, guestbook, forum, newsletter, third-party services).
11.2 The legal basis for data processing within the framework of the following functions of the Website is Art. 6 (1) b. GDPR. If IP addresses are stored, this is done in accordance with Art. 6 (1) f. GDPR based on the legitimate interests of defending and/or pursuing possible inadmissible content.
12. Processing of data within the course of customer relations12.1 If this Website is used for commercial purposes, the Controller processes inventory data (e. g., names and addresses as well as contact data of Users) and contract data (e. g., services used, names of contact persons, payment information) of the customers and interested parties for the purpose of fulfilling the contractual obligations and services in accordance with Art. 6 (1) b. GDPR.
13. Contact and enquiries13.1 If a User gets in touch with us via the contact form or by email, we process the User’s details in order to respond to and deal with the query or request according to Art. 6 (1) b. GDPR.
14. Guestbook14.1 The entries in guest books are visible to the public. In the context of the entry, the name of the author, if registered or indicated, the provided address of the User’s website and the time of the entry is stored. Furthermore, the IP address of the author is stored if the entries should have an inadmissible content and the IP address could serve the pursuit of rights. The IP addresses are deleted after 14 days at the latest. Furthermore, the Controller reserves the right to delete the entries on the basis of a reasonable consideration.
15. Bulletin Board15.1 Participation on the Board requires registration with a Username (which might be a pseudonym), password and e-mail address to which the access data will be sent. For security reasons, the password should be complex (at least 6 characters) and should not be used elsewhere.
15.2 The entries in the forum are visible to the public. The entry, the name of the author (if registered or indicated) and the time of the entry is stored.
15.3 When registering and writing entries, the IP addresses of Users will be stored, in case the entries have inadmissible content and the IP addresses could be used for the pursuit of rights. The IP addresses are deleted after 14 days at the latest.
15.4 The person responsible reserves the right to delete registrations and entries on the basis of a reasonable consideration.
16. Surveys16.1 When Users participate in surveys, no personal data is stored. The surveys are anonymous.
17. Google Analytics17.1 For the purposes of this legitimate interests (i.e. this interest in analyzing, optimizing and (in case of commercial use) running this Websites in a commercially viable manner within the meaning of Art. 6 (1) f. of the GDPR, the Controller uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. (“Google”). Google uses cookies. The information generated by cookies concerning the use of the Websites by the User will generally be transmitted to and stored by Google on servers in the USA.
17.2 Google is certified under the Privacy Shield framework which offers a guarantee of compliance with European data protection legislation (
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
17.3 Google will use this information on this behalf for the purpose of evaluating use of this Websites by the User, compiling reports on activity on the Websites, and providing us with other services relating to the use of the Websites and use of the Internet. This process may involve creating pseudonymized usage profiles of Users from the processed data.
17.4 The Controller only uses Google Analytics with IP anonymization enabled. That means Google truncates the User’s IP address within Member States of the European Union and in other countries that are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.
17.5 The IP address transmitted by the User’s browser is not associated with any other data held by Google. Users can prevent cookies from being installed on their computer by adjusting their browser settings accordingly. Users can also prevent Google from collecting data generated by cookies concerning their use of the Websites and can prevent Google from processing this data by downloading and installing a browser plug-in from the following link:
http://tools.google.com/dlpage/gaoptout?hl=en.
17.6 For more information on how Google uses data and how to opt out, please refer to Google’s websites:
https://www.google.com/intl/en/policies/privacy/partners (“How Google uses data when you use this partners' sites or apps”),
http://www.google.com/policies/technologies/ads (“How Google uses data in advertising”),
http://www.google.com/settings/ads (“Control the information Google uses to show you ads”).
18. Facebook Social Plugins18.1 On the basis of the legitimate interests (i.e. interest in the analysis, optimisation and (in case of commercial use) running this Websites in a commercially viable manner within the meaning of Art. 6 (1) f. of the GDPR) Social Plugins ("Plugins") of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook") are used. The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are identified by one of the Facebook logos (white "f" on blue tile, the terms "like", "like" or a "thumbs up" sign) or are marked with the addition "Facebook Social Plugin". The list and appearance of Facebook Social Plugins can be viewed here:
https://developers.facebook.com/docs/plugins/.
18.2 Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
18.3 If a User calls up a function of this Website that contain such a plugin, his device establishes a direct connection to the Facebook servers. In doing so, User data concerning the visit and interests in this Website as well as the software and hardware used and the time of the visit and the IP address of the Users are transmitted to Facebook. User profiles can be created from the processed data and cookies with User profile data can be stored on their device. The User data processed by Facebook may be used for marketing purposes.
18.4 The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the relevant rights and setting options for the protection of Users' privacy, can be found in Facebook's data protection information:
https://www.facebook.com/about/privacy/.
18.5 Users may also object to the use of cookies for measuring range and advertising purposes via the Network Advertising Initiative's deactivation page (
http://optout.networkadvertising.org/) and additionally via the US website (
http://www.aboutads.info/choices) or the European website (
http://www.youronlinechoices.com/uk/your-ad-choices/).
19. Integration of third-party services and content19.1 For the purposes of the legitimate interests (i.e. this interest in analyzing, optimizing and (in case of commercial use) running this Websites in a commercially viable manner within the meaning of Art. 6 (1) f. of the GDPR), the Controller uses third-party content and service delivery providers on this Websites in order to incorporate content and services such as videos and fonts, for example (hereinafter jointly referred to as “Content”). The third-party provider of this Content always requires the User's IP address in order to send the Content to the browser of the respective User. In other words, the IP address is required to display this Content. The Controller endeavors only to use such Content where the respective provider uses the IP address exclusively to deliver said content. Third-party providers may additionally use “pixel tags” (invisible image files, also known as web beacons) for statistical or marketing purposes. Pixel tags can be used to analyze information such as the number of visitors accessing the pages of this Website. The pseudonymized information may additionally be stored on User devices in the form of cookies. This information includes technical information on the browser and operating system, referring websites, time spent on the Website, and further details on how Users make use of this Websites, plus it can also be combined with comparable information from other sources.
19.2 The list below provides an overview of third-party providers and their Content as well as links to their privacy policies, which contain further information on data processing and opt-out mechanisms, some of which have already been discussed here:
- Videos on the “YouTube” platform provided by the third-party company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. Privacy policy:
https://www.google.com/policies/privacy/; opt-out:
https://www.google.com/settings/ads/. Notes on Google, Inc.: Google is certified under the Privacy Shield framework which offers a guarantee of compliance with European data protection legislation (
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
- Maps from the “Google Maps” service provided by the third-party company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. Privacy policy:
https://www.google.com/policies/privacy/; opt-out:
https://www.google.com/settings/ads/.
- Google Recaptcha, a so-called captcha verification of the third party Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. Google Recaptcha helps to verify whether entries on his Website are from humans or from bots or similar systems. Privacy policy:
https://www.google.com/policies/privacy/, opt-out:
https://www.google.com/settings/ads/. Further privacy notices and opt-out notices can be found in the respective Google Recaptcha requests that are issued to Users.